[Cryptography] Explaining PK to grandma

Phillip Hallam-Baker hallam at gmail.com
Tue Dec 3 20:29:43 EST 2013


On Tue, Dec 3, 2013 at 2:56 AM, Peter Gutmann <pgut001 at cs.auckland.ac.nz> wrote:

> "Wendy M. Grossman" <wendyg at pelicancrossing.net> writes:
>
> >P.S. I am really fed up with elderly females always being the go-to example
> >of the clueless user.
>
> They're not being used as examples of clueless users, they're representative
> personas.  Geeks have a really bad problem of design-for-the-self, creating
> software that's designed for people like themselves.  The best way to combat
> this is through usability testing, except that few developers will ever do
> that.


I disagree. I have looked at a lot of security usability studies and most
are utter junk. The problem is that the usability field is really about how
to sell stuff to people and focuses on the fifteen minutes or so evaluation
that a prospective buyer makes. That has little to do with long term
usability.

Test subjects are completely aware that they are in an artificial lab
setting. So they are far more accepting of errors etc. thinking that they
are accidental rather than part of the test.


I think that usability by comparison is a better approach. First take the
existing scheme that the user has and examine the number of steps taken to
do each operation and the information required to make a decision. Then
provide a secure scheme that never requires more effort than the existing
one in terms of number of mouse clicks, amount the user is expected to
remember, complexity of decisions etc.

Secure systems really do have to be that good for users to actually make
use of them.


Not that testing the end results on users wouldn't hurt. But the approach
is used as an excuse for inaction.

Every time we try to improve usability in IETF there is some idiot who will
try to TALK US OUT OF IT by saying that we shouldn't try to do anything
like that without being Pavlov first.

Demanding testing becomes another way to filibuster progress.


-- 
Website: http://hallambaker.com/